This commit adds the ability to install psad at a custom location via the
--install-root <root> command line argument to install.pl. This feature
was suggested by @pyllyukko. In addition, psad can be installed by a
normal user instead requiring root.

Thic commit allows psad memory usage to be constrained by restricting the
number of unique IP pairs that psad tracks via a new config variable
MAX_SCAN_IP_PAIRS. This is useful for when psad is deployed on systems with
little memory, and is best utilized in conjunction with disabling
ENABLE_PERSISTENCE so that old scans will also be deleted (and thereby making
room for tracking new scans under the MAX_SCAN_IP_PAIRS threshold).

There are not yet any IPv6 fingerprints for p0f, so psad needs to ensure that
its p0f implementation over iptables log messages is restricted to IPv4
packets. This change will make it easier to integrate an IPv6 implementation
of p0f as well.

In the /var/log/psad/<ip>/ directories, whois information is stored in the
<IP>_whois files, the IP in the filename was included as a destination IP under
the psad -S output. This commit fixes this bug. Here is an example of the
invalid output:

perl likes to generate warnings like the one seen below if the STDOUT or STDERR
filehandles are closed when going into daemon mode and other filehandles are
used. This change removes closing these filehandles when psad is run as a
daemon:

This is the first major commit for IPv6 support, and starts with the ability to
parse IPv6 log messages for the following protocols: TCP, UDP, UDPLITE, and
ICMP6. Scans and signature matches are not yet detected, but that is coming
soon. Here are a few example ip6tables logging messages that psad now
supports:

- Altered the 'ET MALWARE Bundleware Spyware CHM Download' Snort rule in
the bundled Emerging Threats rule set to make sure that ClamAV does not
flag on the pattern "mhtml\:file\://" which is associated with the
following ClamAV signature:

- Bug fix for ICMP packet handling where psad would incorrectly interpret
ICMP port unreachable messages as UDP packets because the UDP specifics
are included in the iptables log message. This bug was first reported by
Lukas Baxa to the Debian maintainers and was followed up by Franck
Joncourt:

- Updated psad to issues whois lookups against IP addresses that are not
directly connected to the local system. This is useful for example when
an internal system is scanning an external destination system, and the
scan is logged in the FORWARD chain. Issuing whois lookups on the
internal system (frequently on RFC 1918 address space) is not usually
very useful, but issuing the whois lookup against the destination system
gives much more interesting data. This feature can be disabled with the
new ENABLE_WHOIS_FORCE_SRC_IP variable.